Vigil@nce: libvirt, denial of service via the API
March 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A read-only attacker can use some functions of the libvirt
library, in order to create denials of service.
– Severity: 2/4
– Creation date: 10/03/2011
IMPACTED PRODUCTS
- Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The libvirt library provides a standard interface on several
virtualization products (Xen, QEMU, KVM, etc.).
A libvirt user, who is connected as read-only, can only see the
configuration of virtual machines. However, four functions ignore
this mode, and can be used to alter the configuration:
– virNodeDeviceDettach : detach a node
– virNodeDeviceReset : reset a node
– virDomainRevertToSnapshot : revert to a snapshot
– virDomainSnapshotDelete : delete a snapshot
A read-only attacker can therefore use some functions of the
libvirt library, in order to create denials of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libvirt-denial-of-service-via-the-API-10444